Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/Do0JSgiNCqriv80PIhtwMnexSNc.roa
File:                     Do0JSgiNCqriv80PIhtwMnexSNc.roa (raw, json)
Hash identifier:          RwQMBdH7IsYN85P3xCXPyoXK0UkudDgkL+/EfmT5Xt0=
Subject key identifier:   0E:8D:09:4A:08:8D:0A:AA:E2:BF:CD:0F:22:1B:70:32:77:B1:48:D7
Certificate issuer:       /CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
Certificate serial:       018CC348EFAAE14742639D158CA92CB6F7C8
Authority key identifier: 3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/Do0JSgiNCqriv80PIhtwMnexSNc.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202940
IP address blocks:        84.108.143.0/24 maxlen: 24
                          84.108.142.0/24 maxlen: 24
                          84.108.142.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ef:aa:e1:47:42:63:9d:15:8c:a9:2c:b6:f7:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fedd85c1eccb5ff4ba930117a7329099c0ff2eb
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e8d094a088d0aaae2bfcd0f221b703277b148d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:50:83:ec:23:74:ab:c2:cf:64:e7:0c:68:32:
                    00:c1:b2:6e:fa:2f:40:bc:97:aa:ea:b9:35:35:f7:
                    78:bb:e8:3f:92:f5:e8:a3:0e:c9:b3:ff:f1:2f:47:
                    10:e3:aa:25:fb:c3:07:e5:ee:72:85:d2:1c:52:b3:
                    52:6a:8c:78:96:b0:71:d4:b4:6d:a7:79:61:3e:f7:
                    94:bd:bc:8c:e9:aa:ee:6f:95:48:f8:ea:89:7a:f1:
                    12:b5:ec:2a:ee:7d:ee:08:86:9d:62:81:bb:90:3e:
                    b8:83:55:f4:36:e8:90:1e:3a:8e:e0:a6:07:fa:9a:
                    4d:27:4c:e9:ee:b2:98:52:f6:21:80:73:44:44:76:
                    eb:dc:33:0a:03:52:6a:a5:30:a4:f5:8d:91:76:79:
                    ab:39:26:8d:01:0a:19:d7:57:31:72:50:33:47:fa:
                    27:75:78:5d:85:7a:58:27:e0:ce:ed:9b:1e:54:d0:
                    42:9e:1b:d4:8c:68:2b:90:ff:10:f9:b8:3e:ac:87:
                    d3:10:97:33:16:90:49:f3:dc:dd:53:02:31:85:d1:
                    3f:9f:2f:7f:c6:6d:19:d8:6f:0b:2b:99:da:84:6a:
                    dc:fe:19:74:c2:e7:5f:fd:0d:dd:e2:81:f8:4e:82:
                    ed:d0:c4:37:b3:90:28:a3:0f:63:a6:72:10:cb:fd:
                    f7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:8D:09:4A:08:8D:0A:AA:E2:BF:CD:0F:22:1B:70:32:77:B1:48:D7
            X509v3 Authority Key Identifier:
                keyid:3F:ED:D8:5C:1E:CC:B5:FF:4B:A9:30:11:7A:73:29:09:9C:0F:F2:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-3YXB7Mtf9LqTARenMpCZwP8us.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/Do0JSgiNCqriv80PIhtwMnexSNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/41c321-347e-4c3e-affd-e2b527728e96/1/P-3YXB7Mtf9LqTARenMpCZwP8us.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.108.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:92:67:e5:d4:4d:64:e2:da:f2:ad:33:73:9f:6f:40:f7:c2:
         8f:ee:da:89:e5:dd:38:37:d1:d6:70:4c:0f:e2:bb:20:b3:98:
         12:0a:79:85:6e:2f:fd:85:8e:59:ae:d5:25:bb:2b:b7:75:94:
         5b:37:88:b4:54:a8:1d:aa:5c:9b:0c:83:10:6f:16:8f:1d:dd:
         b4:71:07:ed:92:47:d4:70:7b:d0:3d:de:b2:76:73:76:9e:c7:
         52:e1:03:b4:c6:51:ce:7d:a5:d0:51:6b:78:c2:e9:0f:b2:c0:
         ad:b7:26:44:90:8e:6e:a0:19:27:65:89:56:fc:76:a2:2c:81:
         b5:9d:70:05:c7:c3:c4:11:c0:8d:8e:f7:b1:ae:69:dc:25:c1:
         55:32:7e:58:28:b3:04:9f:fd:c5:a0:ce:ef:6c:d0:7b:4d:f2:
         80:16:e7:03:57:15:64:2e:f7:1a:a4:d7:27:69:c6:ea:f3:4f:
         d8:07:b6:4b:e1:80:b7:05:8c:11:5f:06:a8:40:98:75:c9:a3:
         2c:81:d3:2d:fe:f1:5b:2d:1a:eb:36:bb:57:e7:6a:82:fd:2e:
         03:dc:54:ca:cb:22:d6:7a:26:41:b6:4f:8c:6c:bf:a8:7d:70:
         1e:3e:04:0f:01:63:32:ef:12:18:b0:ea:ef:60:f4:c3:95:33:
         9d:37:8c:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSO+q4UdCY50VjKkstvfIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZWRkODVjMWVjY2I1ZmY0YmE5MzAxMTdhNzMyOTA5OWMw
ZmYyZWIwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZThkMDk0YTA4OGQwYWFhZTJiZmNkMGYyMjFiNzAzMjc3YjE0OGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlCD7CN0q8LPZOcMaDIAwbJu+i9A
vJeq6rk1Nfd4u+g/kvXoow7Js//xL0cQ46ol+8MH5e5yhdIcUrNSaox4lrBx1LRt
p3lhPveUvbyM6arub5VI+OqJevEStewq7n3uCIadYoG7kD64g1X0NuiQHjqO4KYH
+ppNJ0zp7rKYUvYhgHNERHbr3DMKA1JqpTCk9Y2RdnmrOSaNAQoZ11cxclAzR/on
dXhdhXpYJ+DO7ZseVNBCnhvUjGgrkP8Q+bg+rIfTEJczFpBJ89zdUwIxhdE/ny9/
xm0Z2G8LK5nahGrc/hl0wudf/Q3d4oH4ToLt0MQ3s5Aoow9jpnIQy/33IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6NCUoIjQqq4r/NDyIbcDJ3sUjXMB8GA1UdIwQY
MBaAFD/t2FwezLX/S6kwEXpzKQmcD/LrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQt
ZTJiNTI3NzI4ZTk2LzEvRG8wSlNnaU5DcXJpdjgwUElodHdNbmV4U05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MWMzMjEtMzQ3ZS00YzNlLWFmZmQtZTJiNTI3NzI4ZTk2
LzEvUC0zWVhCN010ZjlMcVRBUmVuTXBDWndQOHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVGyOMA0G
CSqGSIb3DQEBCwUAA4IBAQB1kmfl1E1k4tryrTNzn29A98KP7tqJ5d04N9HWcEwP
4rsgs5gSCnmFbi/9hY5ZrtUluyu3dZRbN4i0VKgdqlybDIMQbxaPHd20cQftkkfU
cHvQPd6ydnN2nsdS4QO0xlHOfaXQUWt4wukPssCttyZEkI5uoBknZYlW/HaiLIG1
nXAFx8PEEcCNjvexrmncJcFVMn5YKLMEn/3FoM7vbNB7TfKAFucDVxVkLvcapNcn
acbq80/YB7ZL4YC3BYwRXwaoQJh1yaMsgdMt/vFbLRrrNrtX52qC/S4D3FTKyyLW
eiZBtk+MbL+ofXAePgQPAWMy7xIYsOrvYPTDlTOdN4wV
-----END CERTIFICATE-----